tpl: check slice bounds in slicestr

author bep <bjorn.erik.pedersen@gmail.com>

Thu, 30 Apr 2015 09:26:34 +0000 (11:26 +0200)

committer bep <bjorn.erik.pedersen@gmail.com>

Thu, 30 Apr 2015 09:26:45 +0000 (11:26 +0200)
author bep <bjorn.erik.pedersen@gmail.com>
Thu, 30 Apr 2015 09:26:34 +0000 (11:26 +0200)
committer bep <bjorn.erik.pedersen@gmail.com>
Thu, 30 Apr 2015 09:26:45 +0000 (11:26 +0200)
diff --git a/tpl/template_funcs.go b/tpl/template_funcs.go

index 68b0a22718dfafce88612ba350bc529166887e6d..4e07d8f395f70cd9c4ca10fdb6d7ffc819bc53db 100644 (file)
--- a/tpl/template_funcs.go
+++ b/tpl/template_funcs.go
@@ -139,7 +139,14 @@ func Slicestr(a interface{}, startEnd ...int) (string, error) {
                 return "", errors.New("too many arguments")
         }
  
+       if len(startEnd) > 0 && (startEnd[0] < 0 || startEnd[0] >= len(aStr)) {
+               return "", errors.New("slice bounds out of range")
+       }
+
         if len(startEnd) == 2 {
+               if startEnd[1] < 0 || startEnd[1] > len(aStr) {
+                       return "", errors.New("slice bounds out of range")
+               }
                 return aStr[startEnd[0]:startEnd[1]], nil
         } else if len(startEnd) == 1 {
                 return aStr[startEnd[0]:], nil
diff --git a/tpl/template_funcs_test.go b/tpl/template_funcs_test.go

index 8e99f2fb478628d6cdf393e4db6dc07d4e6d50f0..3a51e741d86f7f0b859815f192413cad62e382dd 100644 (file)
--- a/tpl/template_funcs_test.go
+++ b/tpl/template_funcs_test.go
@@ -291,6 +291,11 @@ func TestSlicestr(t *testing.T) {
                 {"abcdef", []int{2}, "cdef"},
                 {123, []int{1, 3}, "23"},
                 {123, []int{1, 2, 3}, false},
+               {"abcdef", []int{6}, false},
+               {"abcdef", []int{4, 7}, false},
+               {"abcdef", []int{-1}, false},
+               {"abcdef", []int{-1, 7}, false},
+               {"abcdef", []int{1, -1}, false},
                 {tstNoStringer{}, []int{0, 1}, false},
         } {
                 result, err := Slicestr(this.v1, this.v2...)
diff --git a/tpl/template_test.go b/tpl/template_test.go

index e3ce56a33c2370d8c96dcc57c5987575295d9c38..87f3cac81676a56c115e70997cbcd1404c65bd51 100644 (file)
--- a/tpl/template_test.go
+++ b/tpl/template_test.go
@@ -11,7 +11,11 @@ func TestTplGoFuzzReports(t *testing.T) {
         for i, this := range []struct {
                 data      string
                 expectErr int
-       }{{"{{apply .C \"first\" }}", 2}} {
+       }{
+               // Issue #1089
+               {"{{apply .C \"first\" }}", 2},
+               // Issue #1090
+               {"{{ slicestr \"000000\" 10}}", 2}} {
                 templ := New()
  
                 d := &Data{
author	bep <bjorn.erik.pedersen@gmail.com>
	Thu, 30 Apr 2015 09:26:34 +0000 (11:26 +0200)
committer	bep <bjorn.erik.pedersen@gmail.com>
	Thu, 30 Apr 2015 09:26:45 +0000 (11:26 +0200)
tpl/template_funcs.go		patch \| blob \| history
tpl/template_funcs_test.go		patch \| blob \| history
tpl/template_test.go		patch \| blob \| history